firejail - Mirror of https://github.com/netblue30/firejail

	Commit message (Collapse)	Author	Age
...
* \|	move copyright statement to 2019	smitsohu	2019-02-07
\| \|
* \|	Merge pull request #2391 from rusty-snake/add_klavaro-profile	SkewedZeppelin	2019-02-06
\|\ \ \| \| \| \| \| \|	Add a profile for klavaro
\| * \|	Add a profile for klavaro	rusty-snake	2019-02-06
\| \| \|
* \| \|	Merge branch 'master' of https://github.com/netblue30/firejail	smitsohu	2019-02-06
\|\\| \|
\| * \|	fix small memleak	Reiner Herrmann	2019-02-05
\| \| \|
\| * \|	variable only used when whitelisting enabled	Reiner Herrmann	2019-02-05
\| \| \|
\| * \|	cnt only used for debugging	Reiner Herrmann	2019-02-05
\| \| \|
\| * \|	move usage check to single place	Reiner Herrmann	2019-02-05
\| \| \|
\| * \|	use correct struct member for offset	Reiner Herrmann	2019-02-05
\| \| \| \| \| \| \| \| \| \| \| \|	Fixes: #2381
\| * \|	simplify yes/no option parsing	Reiner Herrmann	2019-02-05
\| \| \|
\| * \|	Stress apparmor local overrides	glitsj16	2019-02-05
\| \| \| \| \| \| \| \| \|	As per discussion on https://github.com/netblue30/firejail/pull/2390, we better use slightly stronger/less optional wording when it comes to where local apparmor overrides need to be done.
* \| \|	strncmp byte count fixes	smitsohu	2019-02-06
\|/ /
* \|	firejail.config fixes	smitsohu	2019-02-04
\| \| \| \| \| \| \| \|	always print a warning, treat join-or-start like join
* \|	--name rework	netblue30	2019-02-01
\| \|
* \|	Fix parsing of cgroup option in config	Reiner Herrmann	2019-01-27
\| \|
* \|	enable/disable cgroup in firejail.config	netblue30	2019-01-27
\|/
*	removed mincore syscall from default seccomp filter	netblue30	2019-01-23
\|
*	Edit github-desktop entree in firecfg	glitsj16	2019-01-22
\|
*	conditional testing0.9.58-rc1	netblue30	2019-01-21
\|
*	Merge branch 'master' of https://github.com/netblue30/firejail	smitsohu	2019-01-20
\|\
\| *	Add clawsker to firecfg.config	glitsj16	2019-01-20
\| \|
* \|	cleanup, minor improvements	smitsohu	2019-01-20
\| \|
* \|	disallow zero seconds timeout	smitsohu	2019-01-20
\| \|
* \|	rearrange shutdown option	smitsohu	2019-01-20
\| \| \| \| \| \| \| \|	in order to run it with reduced privileges
* \|	signal handler fixes/improvements	smitsohu	2019-01-19
\| \|
* \|	improve chroot error handling	smitsohu	2019-01-19
\|/
*	adding mincore syscall to the default seccomp filter and some independent ↵	netblue30	2019-01-14
\| \| \| \|	profiles
*	fix error message	smitsohu	2019-01-13
\| \| \| \| \|	as --appimage can be combined with chroot and overlay options, querying it first makes the error message more correct
*	fix parent death signal	smitsohu	2019-01-13
\| \| \| \| \| \|	turns out the parent death signal is reset every time the effective uid changes, hence moving the prctl call to the earliest place where the setting is persistent.
*	fix netfilter-default functionality in /etc/firejail/firejail.config	netblue30	2019-01-09
\|
*	fix join/seccomp #2296	netblue30	2019-01-08
\|
*	Correctly set address length in arp frames	Nicholas Molloy	2019-01-02
\| \| \| \| \| \| \| \| \| \|	Kernel commit 99137b7 introduced an additional check of the address length. This exposed a bug in the arp code where the address length was being set incorrectly. Now the length is set from the ETH_ALEN constant declared in linux/if_ether.h This fixes #2314
*	Add a profile for ghostwriter (#2319)	rusty-snake	2018-12-30
\| \| \| \| \|	* Add a profile for ghostwriter
*	join: also check proc file to detect nonewprivs bit	smitsohu	2018-12-17
\| \| \| \| \|	redundant check that adds defense in depth and maybe one day can replace the other, file based check
*	Merge pull request #2297 from smitsohu/patch	startx2017	2018-12-17
\|\ \| \| \| \|	enforce nonewprivs instead of seccomp for chroot sandboxes
\| *	enforce nonewprivs instead of seccomp for chroot sandboxes	smitsohu	2018-12-15
\| \| \| \| \| \| \| \| \| \|	currently users are able to specify a seccomp filter of their choosing, leaving the real defense to nonewprivs anyway.
* \|	New profile for supertuxkart. (#2298)	rusty-snake	2018-12-16
\| \| \| \| \| \| \| \| \| \| \| \|	* New profile supertuxkart * review fixes
* \|	fix netstats typo in man firejail	glitsj16	2018-12-16
\|/
*	join: check prctl return value	smitsohu	2018-12-14
\|
*	add explicit nonewprivs support to join option; accompanying small improvements	smitsohu	2018-12-14
\|
*	firecfg: improve error string	smitsohu	2018-12-13
\| \| \| \|	emphasize that only firecfg needs all permissions, not firejail
*	pulseaudio: use create_dir_as_user(); small adjustments	smitsohu	2018-12-13
\|
*	Revert "pulseaudio: use env variable fallback in more cases"	smitsohu	2018-12-13
\| \| \| \| \| \| \| \| \|	This reverts commit 93779cb9cd0d098cd3587e2f795200d98e3af1ee. That commit removed restrictions, but also added new inconsistencies. Starting again from the previous state is easier than evolving the current state, hence reverting the commit.
*	pulseaudio: use env variable fallback in more cases	smitsohu	2018-12-11
\| \| \| \| \| \|	setting the PULSE_CLIENTCONFIG environment variable to the unmounted file is a safe fallback, use it in more cases when mounting is considered not an option
*	add create_empty_dir_as_user function, refactor	smitsohu	2018-12-11
\|
*	xorg: check if Xauthority mount point was created	smitsohu	2018-12-11
\| \| \| \|	and print more meaningful error message
*	Add a profile for thunderbird-wayland	rusty-snake	2018-12-10
\|
*	improve sandboxing of KDE apps: set KDE_FORK_SLAVES, blacklist slave-sockets	smitsohu	2018-12-07
\| \| \| \| \| \| \| \| \| \|	setting the KDE_FORK_SLAVES environment variable removes all inconsistencies that arise from slaves running outside the sandbox or in a different sandbox; it also makes it slightly more difficult to abuse KIO in general and helps to mitigate security problems due to thumbnailing, which now always happens inside the same sandbox. The trade-off is more concurrently running slave processes. closes #2285
*	add HAS_NODBUS conditional, ${RUNUSER} makro	smitsohu	2018-12-07
\|
*	merges	Tad	2018-11-29
\|